W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Unverifiable Transactions / Cookie draft

From: Jeremey Barrett <jeremey@veriweb.com>
Date: Tue, 18 Mar 1997 11:40:44 -0800
Message-Id: <332EEFBB.2673385B@veriweb.com>
To: Steve Madere <madere@dejanews.com>
Cc: http-wg@cuckoo.hpl.hp.com
-----BEGIN PGP SIGNED MESSAGE-----

[BTW, sorry to turn this into a religious debate, but this is an 
extremely important issue.]

I am not against cookies. I am not against advertising using cookies.
Nothing in the draft makes it difficult to implement either. What I
am against is facilitaing the violation of my privacy. Specifically,
I should not be able to visit site X and be unwittingly tracked
by site Y at the same time, unless I have explicitly chosen to allow 
such. I believe the current draft covers this nicely.

Steve Madere wrote:
> 
> I think it is important to remember that what DoubleClick, FocalLink,
> and GlobalTrack use cookies for is to deliver controllable advertising.
> 
> Advertising is what will pay for most of the useful services on the
> web.  I think most people recognize this now.  It is important to
> advertisers to be able to know the number of unique individuals who
> see their message and to be able to control it.  (eg:  show this ad
> three times to each person)

- From what basis do you make this claim? I certainly do not recognize
that. This group is not here to cater to the interests of advertisers
because they whine about not being able to implement privacy-crippling
applications simply and easily. The potential misuse of advertising
data is astronomical in proportion, and I as a user should not be
required to be the guinea pig of the ad agency simply by browsing the
web. If I choose to give such data away, that's _my_ choice. We should
not make life difficult for the privacy-concerned user.

> 
> One does not have to know who the user is to accomplish this.  All one
> needs to know is that they are the same person that was already shown
> this ad three times so we should show another one now.
> 
> There is no need to violate anybody's privacy to achieve this goal.  
> This is in fact exactly what is achieved with a serial-number cookie.  
> Now, if you take away the auto-cookie capability, sites will be forced 
> to require users to register and "login" to get this kind of control.

How do you define "a violation of privacy"? I would _absolutely_ include
in that definition any knowledge of my activities without my consent.
Whether the consent be given explicitly or by choosing a policy which
allows my user agent to give consent for me. Now obviously by
visiting a site I am in essence giving consent to _that_ site to
know my IP address. I have not agreed to have some other site obtain
that data.

The idea that tracking cookies doesn't give away information is
wrong. I have an IP address. You have logs of my IP address at various
sites around the web. You can quickly begin to identify patterns
of behavior and tendencies without knowing my name. Usually,
learning more about someone is fairly easy based on IP address.

> 
> The "login" model is a serious step back in privacy.  Suddenly, we not
> only know it is the same person that was here earlier, we know it is a
> particular person with a particular email address etc.

"Logins" are explicitly consented to by the user. They type their
username, password, or whatever. Their personal information is
given away by choice, not by default.

> 
> The cookie method is more likely to remain anonymous since it is
> actually easier to administer anonymously than with a known identity
> for each user.  The "login" method on the other hand is easier to

Your definition of anonymous is lacking.

> administer if you require the users to identify themselves.  Given that 
> "more information is always better" to an advertiser, most sites using 
> the "login" method will fall to the temptation of requiring all kinds of 
> personal information from their users to grant access.  (eg: income, 
> address, etc.)
> 
> The inherint convenience in the "anonymous cookie" method has driven the
> market so far toward a much more anonyous method of controlling 
> advertising delivery.  If you take that away, get ready to register at 
> every useful site and give up all semblence of privacy.

I have no problem giving my information to some sites. If they require
that information, and I choose not to give it, then I can't get in.
Big deal. Again, my choice.

> Sites that cannot afford to create their own ad management systems would
> go out of business in the face of competion of larger sites with much
> better advertising control.  Their only choice is to join a network
> of centralized advertising delivery because it is too expensive for them
> to sell their advertising directly themselves.

Not so. They can purchase off-the-shelf ad management systems. They
just can't participate easily in giving their ad data away 
automagically without anyone's knowledge. The ad system has to
actually go and give it away behind everyone's back by sending logs
or whatever. At least then it's clear what is being done.

> 
> Nuking centralized ad management is indeed nuking smaller advertising
> supported websites and only those sites.
> 
> But take heart, they can always switch to the subscription model and
> then sell other people your address and annual income.

Then I won't subscribe. The bottom line is it's _my_ choice, not theirs.

Jeremey.

- -- 
=-----------------------------------------------------------------------= 
Jeremey Barrett                                  VeriWeb Internet Corp.
Crypto, Ecash, Commerce Systems                  http://www.veriweb.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
=-----------------------------------------------------------------------=

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMy7vxS/fy+vkqMxNAQFYnwQAuBXyOQQ+I/kAegjV25UPTWVzVXDwScAZ
8piMME0WxRPPaI8V3CCOVFVl5Eyiti2iWmUcp1w7AZLVWXrQgZ5bn3VvRlGMUKuD
j2E6K7r6U94qnzD7mO+n7nXl21gxib/ZTphkslrRSosnJJVqbtC/XlWqPcXBrjzC
Sxr/6y7khsg=
=zB+4
-----END PGP SIGNATURE-----
Received on Tuesday, 18 March 1997 11:56:02 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:31 EDT